REMARKS 



Claims 39-57 and 60 have been amended. No claims have been added or 
cancelled. Claims 1-63 remain pending in the application. Reconsideration is 
respectfully requested in light of the following remarks. 

Requirement for Restriction : 

The Examiner required restriction to one of the following two inventions as 
defined by the Examiner: 

I. Claims 1-60. 

II. Claims 61-63, drawn to "utilizing a gateway coupled between a 
plurality of proxy agent managers wherein each of the events, each 
of the requests include a user identification which identifies the 
respective manager to which the event belong, the managers share 
a singleton Request Service Access Point object", classified in 
class 709, subclass 202. 

The Examiner further stated that since Applicant "has received an action on the merits for 
the originally presented invention, this invention has been constructively elected by 
original presentation for prosecution of claims 1-60 on the merits. Accordingly, the 
Examiner considered Invention I to be elected and withdrew claims 61-63. 

Applicants traverse the restriction requirement on the grounds that the Examiner 

has failed to state a proper requirement for restriction. According to M.P.E.P. § 808: 

Every requirement to restrict has two aspects: (A) the reasons (as 
distinguished from the mere statement of conclusion) why each invention 
as claimed is either independent or distinct from the other(s); and (B) the 
reasons why there would be a serious burden on the examiner if restriction 
is not required, i.e., the reasons for insisting upon restriction therebetween 
as set forth in the following sections, (underline emphasis added). 

The Examiner has completely failed to satisfy either of the requirements of M.P.E.P. § 
808. Instead, the Examiner has done nothing more that make a "mere statement of 
conclusion" that restriction should be required. The Examiner has provided no reasons 
whatsoever as to why each invention as claimed is either independent or distinct from the 
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other. Instead, the Examiner has merely recited certain limitations of claims 61-63, 
"which the originally claimed invention (claims 1 - 60) is lacking." This amounts to 
nothing more that a mere statement of conclusion that restriction should be required. The 
Examiner provides no explanation as to why Invention II (claims 61-63) is independent 
of or distinct from Invention I (claims 1-60). 

Nor has the Examiner provided any reasons whatsoever as to why there would be 
a serious burden on the Examiner if restriction is not required. It is the Examiner who 
has the burden to state a proper restriction requirement. The Examiner is required to 
show why there would be a serious burden on the Examiner if restriction is not required. 
The Examiner has completely failed to address this requirement of a proper restriction 
requirement. Thus, the Examiner has failed to establish a proper requirement for 
restriction. The subject matter of claims 61-63 was suggested by the Examiner himself in 
facsimile transmissions sent to Applicants' attorney on May 25, 2004 and January 20, 
2005, and in the Office Action of February 10, 2005. These claims were suggested by 
the Examiner himself and have been repeatedly examined by the Examiner. For the 
Examiner to now say at this late date that there would be a serious burden if restriction is 
not required, is completely without merit. 

In summary, since the Examiner has not even attempted to meet either one of the 
requirements of M.P.E.P. § 808 to establish a proper restriction requirement, the 
Examiner has not established all of the necessary elements of a prima facie restriction 
requirement. Therefore, the Examiner's restriction requirement must be withdrawn. 
Examination of pending claims 61-63 is respectfully requested. 

Objection to the Specification: 

The Examiner objects to the specification "as failing to provide proper antecedent 
basis for the claimed subject matter." Specifically, the Examiner asserts that the 
specification does not recite "object-level access control provided at the individual object 
level so that one of the managers is granted access to one of the managed objects while 
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being prevented from interfacing with a different one of the managed objects, if the 

managed access is approved, application uses a request Service Access Point (SAP)". 

Applicants respectfully disagree. Applicants 5 specification clearly includes proper 

antecedent basis for the claimed limitation in question. For example, at page 32, lines 20- 

30, states, under the heading "Object-Level Access Control": 

In one embodiment, the Request Gateway 304 may provide object- 
level access control between manager applications and managed objects. 
Therefore, manager application access to managed objects may be granted 
at the individual object level. That is, a given manager may be granted 
access to particular objects while being prevented from interfacing with 
others. In one embodiment, a client manager application may be subject 
to authentication by the Request Gateway before being granted access to 
managed objects, such as by a pluggable authentication module, discussed 
below with reference to Figures 12, 13, 14, and 15. 

The specification continues: 

In one embodiment, object-level access control may be enforced 
by use of a Request Service Access Point (Requests AP). 

Thus, Applicants' specification clearly provides proper antecedent basis for the 
claimed limitation and the Examiner's objection is improper. Also, contrary to the 
Examiner's assertion, claims 1, 20 and 39 do not recite that the application uses a request 
Service Access Point (SAP). 

Objection to the Title : 

The Examiner also objects to the title of Applicants' invention because it "is not 
sufficient for proper classification of the claimed subject matter, as the applicant has 
argued that object-level access control provided at the individual object level so that one 
of the managers is granted to one of the managed objects while being prevented from 
interfacing with a different one of the managed objects, if the manager access is 
approved, application uses a request Service Access Point (SAP)". However, not all of 
the independent claims refer to a request Service Access Point (SAP). Nor have 
Applicants so argued. Applicants submit that the present title, "Secure Access to 
Managed Network Objects using a Configurable Platform-Independent Gateway" is 
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descriptive and indicative of the invention to which the claims are directed. The 
Examiner previously objected to the original title: Object-Level Access Control." The 
present title was suggested by the Examiner himself in a previous action, except for 
omission of the term "CORBA." Applicants assert that the present title is descriptive of 
the claimed invention. If the Examiner disagrees, Applicants' respectfully request that 
the Examiner provide a suggested title that would be accurate, descriptive and sufficient 
for proper classification. 

Objection to the Abstract : 

The Examiner also objects to the Abstract of Applicants' specification because it 
"fails to show how 'object-level access control provided at the individual object level so 
that one of the managers is granted to one of the managed objects while being prevented 
from interfacing with a different one of the managed objects, if the manager access is 
approved, application uses a request Service Access Point (SAP)' what the applicant has 
argued to be novel than (sic) the well-known prior arts including cited references." 
Applicants have not argued that use of a request Service Access Point (SAP) is required 
for all independent claims. The current Abstract specifically refers to a gateway that 
"may provide object-level access control between manager applications and managed 
objects, authenticating the client for each event type at the individual object level." Thus, 
Applicants' abstract is proper. 

Objection to the Drawings : 

The Examiner objects to the drawings "because Figures 1A through 15 do not 
show claimed invention which applicant considers novel compared to the cited arts, 
' object-level access control provided at the individual object level so that one of the 
managers is granted access to one of the managed objects while being prevented from 
interfacing with a different one of the managed objects, if the manager access is 
approved , application uses a request service access point (SAP)'" (underlining by 
Examiner). However, the drawings clearly show the various features, elements and 
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entities recited in Applicants claims, such as the gateway, managers, and managed 
objects. There is no requirement that every single word in the claims appear in the 
drawings. Instead, 37 CFR 1.83 only requires that every feature of an invention be 
illustrated in the drawings. The written disclosure may describe and explain what 
functions, actions and behaviors may be performed by the different features and 
according to various embodiments. Thus, for example, Fig. 7 illustrates a manager 
application 206, a Request Gateway 304, three managed devices 710, and requests 702 
and 706, while the written disclosure (see pages 28-29) describe how the gateway is used 
to deliver requests to the managed objects. Similarly, the written disclosure (see pages 
21-25) also describes how such a gateway may deliver events.to managers and manager 
applications. Moreover, there is no requirement that the drawings illustrate every 
possible embodiment of the invention. Applicants' complete disclosure, including the 
drawings and the written description clearly illustrate and describe all features and 
functionality of the claimed subject matter. As such, Applicants respectfully request 
removal of the Examiner's objection to the drawings. 

Double Patenting Rejections : 

The Examiner rejected claims 1-60 under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-44 of U.S. Patent 
No. 6,839,748, claims 1-30 of U.S. Patent No. 6,813,770, claims 1-34 of U.S. Patent No. 
6,915,324 and claims 1-34 of U.S. Patent No. 6,950,824. Applicants traverse this 
rejection on the grounds that the Examiner has not stated a proper prima facie rejection. 
The only support given by the Examiner for the rejection is "[w]ith CORBA/TMN 
teachings it would be obvious to one of ordinary skill in the art to include the concept of 
using SAP and proxy agents." However, a simple assertion that it would have been 
obvious is not a proper reason for holding the claims of the present application obvious 
from the claims of the listed applications. According to MPEP 804.II.B.1, "the analysis 
employed in an obviousness-type double patenting determination parallels the guidelines 
for a 35 U.S.C. 103(a) rejection." This section of the MPEP also states that the same 
"factual inquires ... that are applied for establishing a background for determining 
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obviousness under 35 U.S.C. 103(a) are employed when making an obviousness-type 
double patenting analysis." MPEP 804.II.B. 1 also states that the Examiner should list the 
differences between each rejected claim and the claims of the other patent/application, 
and for each difference the Examiner should give the reasons why a person of ordinary 
skill in the art would conclude that the invention defined in the claim is an obvious 
variation of the invention defined in a claim of the other patent/application. Simply 
stating that "it would have been obvious" is not a valid reason why a person of ordinary 
skill in the art would conclude that the invention defined in each claim is an obvious 
variation of .the invention defined in a claim of the other patent/application. Nor has the 
Examiner specifically addressed each difference of each claim of the present application 
compared to the claims of the other applications. Instead, the Examiner improperly 
lumped all the claims together and did not address each specific difference. The 
Examiner clearly has not met the requirements stated in MPEP 804JI.B.1 to establish a 
prima facie obviousness-type double patenting rejection. Accordingly, Applicants 
respectfully request removal of the double patenting rejection of claims 1-60. 

The Examiner rejected claims 1-60 under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-39 of copending 
Application No. 09/552,984, claims 1-45 of copending Application No. 09/557,068, and 
claims 1-45 of copending Application No. 09/552,985. The Examiner has failed to state 
a proper obviousness-type double patenting rejection for at least the reasons stated above. 

Furthermore, the Examiner admits that the claims of the 6,839,748, 6,813,770, 
6,915,324 and 6,950,824 patents and the 09/552,984, 09/557,068, and 09/552,985 
applications do not specifically teach or suggest object-level access control provided at an 
individual object level. The Examiner relies on Barry, et al. (U.S. Patent 6,615,258) 
(hereinafter "Barry") and (JIDM Interaction Translation, Initial Submission to OMG's 
CORBA/TMN Internetworking RFP, Edition 4.0, February 1998, pages, I-v, 1-1 to 7- 
132, 9-167 to 9-169 (hereinafter "CORBA/TMN"). However, as described below 
regarding the rejection of claims 1 and 20, the Examiner's reliance on Barry and 
CORBA/TMN is misplaced. Neither Barry nor CORBA/TMN teach the respective 
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subject matter for which the Examiner relies on them. Please see the rejections of claims 
1 and 20 below for a detailed discussion of how Barry and CORBA/TMN fail to teach the 
respective subject matter for which the Examiner relies on them. 

Accordingly, Applicant respectfully requests removal of the double patenting 
rejections of claims 1-60. 

Section 103(a) Rejection : 

The Examiner rejected claims 1, 5-7, 9, 16, 17, 20, 24-26, 28, 35, 36, 39, 43-45, 
47, 54, 55 and 58-60 under 35 U.S.C. § 103(a) as being unpatentable over Barker, et al. 
(U.S. Patent 6,363,421) (hereinafter "Barker") in view of Barry et al. (U.S. Patent 
6,615,258) (hereinafter "Barry") and JIDM Interaction Translation, Initial Submission to 
OMG's CORBA/TMN Internetworking RFP, Edition 4.0, February 1998, pages, I-v, 1-1 
to 7-132, 9-167 to 9-169 (hereinafter "CORBA/TMN"). Applicants respectfully traverse 
this rejection for at least the reasons presented below. 

Regarding claim 1, contrary to the Examiner's assertion, the combination of 
Barker, Barry and CORBA/TMN fails to teach or suggest a gateway configurable to 
provide obiect-level access control between the one or more managers and the managed 
objects to receive the one or more events from or to send the one or more requests to the 
managed objects, where the obiect-level access control is provided at an individual object 
level so that one or of the one or more managers is granted access to one of the managed 
objects while being prevented from interfacing with a different one of the managed 
objects. 

Barker discloses a system including "access control based on client name and 
password" (Barker, column 8, lines 45-46). Barker describes this as "a method of client 
based access control of network elements" (emphasis added, Barker, column 30, lines 45- 
46). Further, Barker summarizes his access control features as "the client based access 
control . . . provides a means to restrict access on a command/client basis", and does not 
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describe his access control features as restricting access at the object level (emphasis 
added, Barker, column 31, lines 10-12). 

The Examiner asserts that Barker teaches a gateway configurable to provide 
"object-level control", referring to the use of a naming service and citing column 8, line 
53 - column 9, line 19, and column 7, lines 47-63. The Examiner is incorrect. These 
passages of Barker only refer to Barker's use of EMAPI, CORBA, Java, C++ and SNMP, 
but fail to mention anything regarding any sort of "object level control". Although Java 
and C++ are object-oriented programming languages, that does not imply any sort of 
object-level control for delivering events to or receiving requests from managed objects 
as recited in claim 1, contrary to the Examiner's assertion. Additionally, "object-level 
control" (as stated by the Examiner) is not the same as "object-level access control" (as 
recited in claim 1). Controlling an object and control access to that object are two very 
different things. Thus, the Examiner's comments in regard to the teachings of Barker are 
not relevant to the actual limitations recited in claim 1 . 

Barry teaches a web-based, integrated customer interface system for data 
management. Barry's customer interface system includes a graphical user interface for 
enabling a user to interact with services provided by remote servers located in the Internet 
and utilizes a web paradigm to allow easy and convenient access to all of the services 
from the user's perspective. The Examiner relies on Barry to teach or suggest "usage at 
individual object level", citing column 15, lines 31-62 of Barry. However, Applicants' 
claim does not recite "usage at individual object level". Instead, Applicants' claim 
recites that "object-level access control is provided at an individual object level so that 
one or more managers is granted access to one of the managed objects while being 
prevented from interfaces with a different one of the managed objects." The cited portion 
of Barry does not mention anything regarding providing object-level access control at an 
individual object level, as recited in Applicants' claim. Instead, at the cited passage, 
Barry describes an order entry application used "to order, fulfill, and bill for, as well as 
administer, the suite of data management applications." Barry describes that all access to 
the suite of applications is controlled by user identifiers and passwords and that 
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"individual users are specifically granted access to only the necessary system objects, i.e., 
file, programs, menus, reports, etc." However, Barry fails to teach or suggest any object- 
level access control provided at an individual object level. Instead, Barry teaches that the 
Order Entry application "provides the ability to prevent unauthorized, non-customer 
access to data and applications in the system " Thus, Barry's access control is provided 
on a user or client basis, not at an individual object level. 

Additionally, it is unclear how "usage at an individual object level" relates to 
object-level access control. The fact that Barry teaches a graphical user interface for 
enabling a user to interact with services provided by remote servers has absolutely 
no relevance to object-level access control. Additionally, even if it were proper to 
combine the references, the combination of Barker and Barry would at most result in 
Barker's system, including client-based access control that utilizes the graphical user 
interface taught in Barry. Such a combination does not teach or suggest anything about 
object-level access control for delivering events to or receiving requests from managed 
objects as recited in claim 1. . 

The Examiner relies on CORBA/TMN to teach "access control", citing page 4-62. 
However, CORBA/TMN uses a completely different type of access control from object- 
level access control. CORBA/TMN teaches domain-based access control For example, 
CORBA/TMN states that objects (both managed and manager) are grouped into domains 
and that domains "are considered the unit of accessibility" and that each domain, "may 
have any number of objects within it" (CORBA/TMN, page 2-8, paragraph 7). Objects 
must gain access to a target object's domain and can then access any object within that 
domain. Thus, CORBA/TMN teaches domain-level access control, not object-level 
access control. 

The Examiner argues that the "object-level control" of Barker combined with the 
"concept of usage at individual object level" of Barry and further combined with the 
domain-based "access control" of CORBA/TMN somehow teaches or suggest the 
specific limitation of providing object-level access control between managers and 
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managed objects to receive the one or more events from or to send the one or more 
requests to the managed objects, where the object-level access control is provided at an 
individual object level, as recited in Applicants' claim 1. The Examiner's position is 
completely unsupported by the teachings of the cited art. None of the references, 
either alone or in combination teach or suggest object-level access control between 
managers and managed objects to receive the one or more events from or to send the one 
or more requests to the managed objects, where the object-level access control is 
provided at an individual object level, as recited in Applicants' claim 1. Instead, as 
shown above, Barker, Barry and CORBA/TMN all teach access control that is 
specifically not provided at an individual object level. The access control of Barker is at 
the client level, Barry's is at the user level, and the access control of CORBA/TMN is at 
the domain level. Furthermore, Barry is completely silent in regard to any type of access 
control for receiving events from or sending requests to managed objects, as managed 
objects are understood in the art. 

The Examiner's combination of Barker, Barry and CORBA/TMN does not in any 
way teach or suggest a gateway that is configurable to provide object-level access control 
between the one or more managers and the managed objects to receive the one or more 
events from or to send the one or more requests to the managed objects, where the object- 
level access control is provided at an individual object level so that one or of the one or 
more managers is granted access to one of the managed objects while being prevented 
from interfacing with a different one of the managed objects, as recited in claim 1. 
Instead, even if the combination of references was proper, the Examiner's proposed 
combination of Barker, Barry and CORBA/TMN would at most result only in the 
CORBA-based remote management system of Barker, that utilized the graphical user 
interface as taught by Barry and that also includes domain-level access control as taught 
by CORBA/TMN. Thus, the Examiner's proposed combination of Barker, Barry and 
CORBA/TMN clearly does not teach all the limitations of Applicants' claim 1. As the 
Examiner is surely away, to establish a prima facie obviousness of a claimed invention, 
all claim limitations must be taught or suggested by the prior art. In re Royka, 490 F.2d 
981, 180 U.S.P.Q. 580 (C.C.P.A. 1974), MPEP 2143.03. Obviousness cannot be 
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established by combining or modifying the teachings of the prior art to produce the 
claimed invention, absent some teaching or suggestion or incentive to do so. In re Bond, 
910 F. 2d 81, 834, 15 USPQ2d 1566, 1568 (Fed. Cir. 1990). Since, as shown above, the 
Examiner's combination of Barker, Barry and CORBA/TMN fails to teach all the 
limitations of Applicants' claim 1, the Examiner has failed to provide a prima facie 
rejection. 

Moreover, there is .no motivation found in the evidence of record to combine the 
teachings of the cited art in a way that would result in Applicants' claimed invention. 
The rejection of claim 1 is clearly a case of the Examiner simply attempting to identify 
features of Applicants' claimed invention in disparate references. The Examiner is 
clearly attempting a piecemeal reconstruction of Applicants' invention in hindsight 
without considering the claimed invention as a whole. Such reconstruction is improper. 
See, e.g., Interconnect Planning Corp. v. Feil, 114 F.2d 1132, 1143, 227 USPQ 543, 551 
(Fed. Cir. 1985) (it is insufficient to select from the prior art the separate components of 
the inventor's combination, using the blueprint supplied by the inventor); Uniroyal, Inc. 
v. Rudkin-Wiley Corp., 837 F.2d 1044, 1051-52, 5 USPQ 2d 1434, 1438 (Fed. Cir. 1988) 
(it is impermissible to reconstruct the claimed invention from selected pieces of prior art 
absent some suggestion, teaching, or motivation in the prior art to do so). The Examiner 
cannot use the claimed invention as an instruction manual or "template" to piece together 
the teachings of the prior art so that the claimed invention is rendered obvious. In re 
Fritch, 23 USPQ 2d 1780, 1784 (Fed. Cir. 1992). "One cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the prior art to deprecate 
the claimed invention." In re Fine, 837 F.2d 1071, 1075, 5 USPQ 2d 1596, 1600 (Fed. 
Cir. 1988). 

The Examiner merely states that it would have been obvious to combine the 
teachings of Barker and Barry "because the concept of accessing individual object level 
would enhance supporting event / request by the object." This statement by the Examiner 
is found nowhere in any evidence of record and thus can only have come in hindsight 
from Applicants' own teachings. An obviousness claim that lacks factual evidence of a 
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suggestion or motivation for one of skill in the art to combine prior art references to 
produce the claimed invention is defective as hindsight analysis. In addition, the showing 
of a suggestion, teaching, or motivation to combine prior teachings "must be clear and 
particular. Broad conclusory statements regarding the teaching of multiple references, 
standing alone, are not 'evidence'." In re Dembiczak, 175 F.3d 994, 50 USPQ2d 1614 
(Fed. Cir. 1999). The art must fairly teach or suggest to one to make the specific 
combination as claimed . That one achieves an improved result by making such a 
combination is no more than hindsight without an initial suggestion to make the 
combination . Such an initial suggestion must be supported by evidence of record. The 
Examiner's stated motivation is merely a desired result from the combination in an 
attempt to reconstruct Applicants' claimed invention, not a suggestion or motivation to 
combine Barker and Barry. 

The Examiner has also failed to state a proper motivation to combine the 
teachings of CORBA/TMN with those of Barker and Barry. The Examiner states that it 
would have been obvious to combine the teachings of Barker and Barry with those of 
CORBA/TMN "because the concept of accessing a single object would enhance 
supporting event/request for the particular object." The Examiner also states that 
"prevention of accessing the other object when accessing the object would enhance 
supporting event/request specific to the object and not in common with the other object". 
These statement by the Examiner are found nowhere in any evidence of record and thus 
can only have come in hindsight from Applicants' own teachings. None of the cited art 
suggests "prevention of accessing the other object when accessing the object would 
enhance supporting event/request specific to the object and not in common with the other 
object". The Examiner has again merely stated a desired result from the combination in 
an attempt to reconstruct Applicants' claimed invention, not a suggestion or motivation to 
combine the teachings of CORBA/TMN with those of Barker and Barry. 

Whether a motivation to combine prior art references has been demonstrated is a 
question of fact. Winner Int'l Royalty Corp. v. Wang, 202 F.3d 1340, 1348, 53 USPQ2d 
1580, 1586 (Fed. Cir. 2000). The statute clearly places the burden of proof to satisfy the 
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question of fact on the Examiner which requires him to produce the factual basis for his 
rejection. In re Warner, 154 USPQ 173, 177 (C.C.P.A. 1967), cert, denied, 389 U.S. 
1057 (1968). The Examiner has completely failed to meet his burden of proof since 
the Examiner has not provided any factual evidence showing a suggestion of 
desirability to combine Barker, Barry and CORBA/TMN. The factual inquiry 
whether to combine references must be thorough and searching." McGinley v. Franklin 
Sports, Inc., 60USPQ2d 1001, 1008 (Fed. Cir. 2001). It must be based on objective 
evidence of record. "This precedent has been reinforced in myriad decisions, and cannot 
be dispensed with." In re Lee, 61 USPQ2d 1430, 1433 (Fed. Cir. 2002). "A showing of a 
suggestion, teaching, or motivation to combine the prior art references is an essential 
component of an obviousness holding." Brown & Williamson Tobacco Corp. v. Philip 
Morris Inc., 56 USPQ2d 1456, 1459 (Fed. Cir. 2000). The Federal Circuit has stated: 
"Our case law makes clear that the best defense against the subtle but powerful attraction 
of a hindsight-based obviousness analysis is rigorous application of the requirement for a 
showing of the teaching or motivation to combine prior art references." The need for 
specificity pervades this authority. See, e.g., In re Kotzab, 217 F.3d 1365, 1371, 55 
USPQ2d 1313, 1317 (Fed. Cir. 2000) ("particular findings must be made as to the reason 
the skilled artisan, with no knowledge of the claimed invention, would have selected 
these components for combination in the manner claimed"); In re Rouffet, 149 F.3d 1350, 
1359, 47 USPQ2d 1453, 1459 (Fed. Cir. 1998) ("the [Examiner] must identify 
specifically the principle, known to one of ordinary skill, that suggests the claimed 
combination. In other words, the [Examiner] must explain the reasons one of ordinary 
skill in the art would have been motivated to select the references and to combine them to 
render the claimed invention obvious."); In re Fritch, 972 F.2d 1260, 1265, 23 USPQ2d 
1780, 1783 (Fed. Cir. 1992) (the examiner can satisfy the burden of showing obviousness 
of the combination "only by showing some objective teaching in the prior art or that 
knowledge generally available to one of ordinary skill in the art would lead that 
individual to combine the relevant teachings of the references"). 

Furthermore, Barker teaches away from object-level access control. Barker 
teaches that a client can specify a range of managed object instance identifiers, or even 



09/556,068 (5181-48400/P4500) 



29 



Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. 



request all instances in a managed object call through the managed object instance 
identifier parameter (Barker, column 25, lines 27-28). Hence, Barker teaches that once a 
client has been properly authenticated at the start of a session, that client may then 
register for attribute update notification for a number of managed objects through a single 
call. Such functionality is clearly not compatible with object-level access control, and 
thus Barker clearly teaches away from object-level access control, wherein the object- 
level access control is provided at the individual object level so that one of the managers 
is granted access to one of the managed objects while being prevented from interfacing 
with a different one of the managed objects. Thus, Barker actually teaches away from the 
Examiner's proposed combination of Barker, Barry and CORBA/TMN. References that 
teach away cannot serve to create a prima facie case of obviousness. In re Gurley, 27 
F.3d 551, 553, 31 USPQ2d 1131, 1132 (Fed. Cir. 1994). Moreover, since Barker teaches 
away from object-level access control, modifying Barker to use object-level access 
control would necessarily change the principle of operation of Barker's system. As the 
Examiner is surely away, if the proposed modification or combination of the prior art 
would change the principle of operation of the prior art invention being modified, then 
the teachings of the references are not sufficient to render the claims prima facie obvious; 
M.P.E.P. § 2143.01; and In re Ratti, 270 F.2d 810, 123 USPQ 349 (CCPA 1959). 

Thus, for at least the reasons above, the rejection of claim 1 is not supported by 
the prior art and removal thereof is respectfully requested. Similar remarks as those 
above regarding claim 1 also apply to claims 58. 

Regarding claim 20, the combination of Barker, Barry and CORBA/TMN does 
not teach or suggest determining on a managed object level whether or not the manager 
application is allowed to receive an event generated by one of a plurality of managed 
objects or to send a request to the one of the plurality of managed objects as a function of 
the identity of the user of the manager application. The Examiner cites column 7, lines 
47-63 and column 8, line 53 - column 9, line 19 of Barker. However, the cited passages 
do not mention anything about determining on a managed object level whether or not a 
manager application is allowed to receive an event generated by a managed object or 
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send a request to a managed object as a function of the identity of the user of the manager 
application. Instead, these passages of Barker only refer to his use of EMAPI, CORBA, 
Java, C++, and SNMP, but fail to mention anything regarding any sort of access control 
for any portion of Barker's system. The Examiner has not cited any particular portion in 
Barker that describes the features the Examiner is attributing to Barker's system. In fact, 
the Examiner is incorrectly assuming that Barker's use of CORBA and the HOP protocol 
includes object level access control such that one of the managers is granted access to one 
of the managed objects while being prevented from interfacing with a different one of the 
managed objects. 

Barker further teaches the use of a single service object "to provide services for a 
class of managed objects" (underlining added) (Barker, column 14, lines 42-43) and that 
the EM server "will implement one application-specific service object for each type of 
physical or logical resource to be managed" (underlining added) (Barker, column 39, 
lines 60-62). Applicants assert that access control on a command/client basis while using 
a single service object for each class of managed object actually teaches away from 
determining on a managed object level whether or not the manager application is allowed 
to send a request to the managed object. As note above 

Furthermore, Barker fails to disclose that access for the manager application to 
receive the event or send the request is approved or denied for said one of the plurality of 
managed objects at the individual object level so that the manager application is granted 
access to one of the plurality of managed objects while being prevented from interfacing 
with a different one of the plurality of managed objects. Instead, Barker discloses a 
method "of client based access control of network elements" (emphasis added, Barker, 
column 30, lines 45-46) that "provides a means to restrict access on a command/client 
basis" (emphasis added, Barker, column 31, lines 10-12). Barker does not describe his 
access control features as restricting access at the object level. Please refer to Applicants 
arguments above regarding claim 1 for a more detailed discussion regarding Barker's 
failure to teach object level access control. 
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Barry and CORBA/TMN are not relied upon by the Examiner to teach this 
limitation, nor do they overcome the above-noted deficiencies of Barker regarding 
determining on a managed object level whether or not the manager application is allowed 
to receive an event generated by one of a plurality of managed objects or to send a 
request to the one of the plurality of managed objects as a function of the identity of the 
user of the manager application. Or about where access for the manager application to 
receive the event or send the request is approved or denied for said one of the plurality of 
managed objects at the individual object level so that the manager application is granted 
access to one of the plurality of managed objects while being prevented from interfacing 
with a different one of the plurality of managed objects. Thus, the Examiner's 
combination of Barker, Barry and CORBA/TMN does not teach or suggest the 
limitations of Applicants' claim 20. 

For at least the reasons given above, the rejection of claim 20 is not supported by 
the prior art and its removal is respectfully requested. Similar remarks as discussed 
above in regard to claim 20 apply to claims 39, 59, and 60. 

The Examiner rejected claims 8, 27 and 46 under 35 U.S.C. § 103(a) as being 
unpatentable over Barker, Barry and CORBA/TMN in view of Official Notice. 
Applicants respectfully traverse this rejection of at least the reasons below. 

In regard to claims 8, 27 and 46, the Examiner takes official notice that "both the 
concept and advantages of providing [an] object corresponding to a telephone network is 
well known and expected in the art." Pursuant to M.P.E.P. § 2144.03, Applicant 
traverses the Examiner's taking of Official Notice in regard to the specific combination 
of features recited in claims 8, 27 and 46. Applicant asserts that it was not well known in 
the prior art for a gateway coupled to a plurality of managed objects and which is 
configured to deliver events generated by the managed objects to one or more managers 
or to deliver one or more requests generated by the one or more managers to one or more 
of the managed objects and wherein the gateway is configured to provide object-level 
access control between the one or more managers and the managed objects, wherein the 



09/556,068 (5181-48400/P4500) 



32 



Meyertons, Hood, Kivlin, Kowert & Goetzel, P.C. 



managed objects comprise one or more objects corresponding to a telephone network. 
Pursuant to M.P.E.P. § 2144.03 Applicants repeat the assertion that "the examiner must 
provide documentary evidence in the next Office action if the rejection is to be 
maintained. See also 31 CFR 1.104(c)(2), (d)(2) and In re Zurko, 258 F.3d 1379, 1386 
(Fed. Cir. 2001). Furthermore, Applicants note that the Examiner has failed to 
provide any documentary evidence in support of the Examiner's taking of Official 
Notice in response to Applicants assertion in the previous response, pursuant to 
M.P.E.P. § 2144.03, that he do so. 

Moreover, the Examiner's stated motivation to combine the teachings of his 
Official Notice with the other cited references is completely conclusory and not 
supported by any evidence of record. Thus, the rejection of claims 8, 27 and 46 is 
improper and removal thereof is respectfully requested. 

The Examiner rejected claims 11-15, 30-34 and 49-53 under 35 U.S.C. § 103(a) 
as being unpatentable over Barker, Barry, CORBA/TMN and Olden in view of Official 
Notice. Applicants respectfully traverse this rejection for at least the reasons presented 
regarding their respective independent claims. 

In further regard to claims 11-15, 30-34 and 49-53, the Examiner takes official 
notice that "both the concept and advantages of providing access to a logging service, to 
log an ID of a user, to log an ID of the object is well known and expected in the art." 
Pursuant to M.P.E.P. § 2144.03, Applicant traverses the Examiner's taking of official 
notice in regard to the specific combination of features recited in these claims. 
Applicants assert that it was not well known in the prior art for a gateway that provides 
object-level access control to provide access to a logging service, to log an ID of user or 
to log an ED of a managed object. In fact, as admitted by the Examiner, Barker, Barry 
and CORBA/TMN all fail to teach providing access to a logging service, to log an ID of 
user or to log an ID of a managed object. Pursuant to M.P.E.P. § 2144.03 Applicants 
repeat the previous assertion that "the examiner must provide documentary evidence in 
the next Office action if the rejection is to be maintained. See also 37 CFR 1.104(c)(2), 
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(d)(2) and In re Zurko, 258 F.3d 1379, 1386 (Fed. Cir. 2001). Furthermore, the 
Examiner's stated motivation to combine the teachings of his Official Notice with the 
other cited references is completely conclusory and not supported by any evidence of 
record. Applicants note that the Examiner has failed to provide any document 
evident in the current office action even through Applicants asserted in the previous 
Response, pursuant to M.P.E.P. § 2144.03, "the examiner must provide 
documentary evidence in the next Office action if the rejection is to be maintained." 

The Examiner rejected claims 1, 5-7, 9, 16, 17, 20, 24-26, 28, 35, 36, 39, 43-45, 
47, 54-55 and 58-60 under 35 U.S.C. § 103(a) as being unpatentable over Barker in view 
of Barry and Buckle, et al. (hereinafter "Buckle"). Applicants respectfully traverse this 
rejection for at least the following reasons. 

Regarding claim 1, contrary to the Examiner's assertion, the combination of 
Barker, Barry and Buckle fails to teach or suggest a gateway configurable to provide 
object-level access control between the one or more managers and the managed objects to 
receive the one or more events from or to send the one or more requests to the managed 
objects, where the object-level access control is provided at an individual object level so 
that one or of the one or more managers is granted access to one of the managed objects 
while being prevented from interfacing with a different one of the managed objects. 

Barker discloses a system including "access control based on client name and 
password" (Barker, column 8, lines 45-46). Barker describes this as "a method of client 
based access control of network elements" (emphasis added, Barker, column 30, lines 45- 
46). Further, Barker summarizes his access control features as "the client based access 
control . . . provides a means to restrict access on a command/client basis", and does not 
describe his access control features as restricting access at the object level (emphasis 
added, Barker, column 31, lines 10-12). 

The Examiner asserts that Barker teaches a gateway configurable to provide 
"object-level control", referring to the use of a naming service and citing column 8, line 
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53 - column 9, line 19, and column 7, lines 47-63. The Examiner is incorrect. These 
passages of Barker only refer to Barker's use of EM API, CORBA, Java, C++ and SNMP, 
but fail to mention anything regarding any sort of "object level control". Although Java 
and C++ are object-oriented programming languages, that does not imply any sort of 
object-level control for delivering events to or receiving requests from managed objects 
as recited in claim 1, contrary to the Examiner's assertion. Additionally, "object-level 
control" (as stated by the Examiner) is not the same as "object-level access control" (as 
recited in claim 1). Controlling an object and control access to that object are two very 
different things. Thus, the Examiner's comments in regard to the teachings of Barker are 
not relevant to the actual limitations recited in claim 1 . 

Barry teaches a web-based, integrated customer interface system for data 
management. Barry's customer interface system includes a graphical user interface for 
enabling a user to interact with services provided by remote servers located in the Internet 
and utilizes a web paradigm to allow easy and convenient access to all of the services 
from the user's perspective. The Examiner relies on Barry to teach or suggest "usage at 
individual object level", citing column 15, lines 31-62 of Barry. However, Applicants' 
claim does not recite "usage at individual object level". Instead, Applicants' claim 
recites that "object-level access control is provided at an individual object level so that 
one or more managers is granted access to one of the managed objects while being 
prevented from interfaces with a different one of the managed objects." The cited portion 
of Barry does not mention anything regarding providing object-level access control at an 
individual object level, as recited in Applicants' claim. Instead, at the cited passage, 
Barry describes an order entry application used "to order, fulfill, and bill for, as well as 
administer, the suite of data management applications." Barry describes that all access to 
the suite of applications is controlled by user identifiers and passwords and that 
"individual users are specifically granted access to only the necessary system objects, i.e., 
file, programs, menus, reports, etc." However, Barry fails to teach or suggest any object- 
level access control provided at an individual object level. Instead, Barry teaches that the 
Order Entry application "provides the ability to prevent unauthorized, non-customer 
access to data and applications in the system." Thus, Barry's access control is provided 
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on a user or client basis, not at an individual object level. 

Additionally, it is unclear how "usage at an individual object level" relates to 
object-level access control. The fact that Barry teaches a graphical user interface for 
enabling a user to interact with services provided by remote servers has absolutely 
no relevance to object-level access control. Additionally, even if it were proper to 
combine the references, the combination of Barker and Barry would at most result in 
Barker's system, including client-based access control that utilizes the graphical user 
interface taught in Barry. Such a combination does not teach or suggest anything about 
object-level access control for delivering events to or receiving requests from managed 
objects as recited in claim 1. 

The Examiner relies on Buckle to teach "access control so that one of the 
managers is granted access to one of the managed objects while being prevented from 
interfacing with a different one of the managed objects", citing FIGs 2-10, 12- 15 and 
column 3, line 46 - column 4, line 41. Buckle teaches an agent oriented computing 
environment including an agent shell that can be sued by developers for constructing 
agent computing entities according to their own functionality requirements. Buckle's 
system also includes an agent enabling layer providing basic communication, brokering 
and negotiation between agent computing entities. However, Buckle fails to teach any 
sort of access control whatsoever and clearly fails to teach "access control so that one of 
the managers is granted access to one of the managed objects while being prevented from 
interfacing with a different one of the managed objects" as asserted by the Examiner. 
Buckle teaches an environment in which agent computing entities can efficiently identify 
each other and quickly asses the functionality of peer agents (column 3, lines 19-30). 
None of the Examiner's cited figures illustrates any sort of access control. Instead, 
Buckle illustrates various features of his system enabling access and communication 
between agents. 

Similarly, the Examiner's cited passage from Buckle (column 3, line 46 - column 
4, line 41) describes an agent communication interface including an agent communication 
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language. Buckle teaches that at agent may include an object oriented representation of a 
system and may actively seek, and cooperate with, other agents by reference to a broker 
service. Specifically, Buckle teaches that by transmitting "an ontology" between agents, 
task functionality available at a* first agent may be made available to other agents "in a 
defined and unambiguous form." Nowhere does Buckle describe or even mention any 
sort of access control. Buckle clearly fails to teach "access control so that one of the 
managers is granted access to one of the managed objects while being prevented from 
interfacing with a different one of the managed objects" as asserted by the Examiner. 
Apparently, the Examiner is confusing providing "access" with providing "access control 
so that one of the managers is granted access to one of the managed objects while being 
prevented from interfacing with a different one of the managed objects". 

The Examiner argues that the "object-level control" of Barker combined with the 
"concept of usage at individual object level" of Barry and further combined with the 
domain-based "access control" of Buckle somehow teaches or suggest the specific 
limitation of providing object-level access control between managers and managed 
objects to receive the one or more events from or to send the one or more requests to the 
managed objects, where the object-level access control is provided at an individual object 
level, as recited in Applicants' claim 1. The Examiner's position is completely 
unsupported by the teachings of the cited art. None of the references, either alone or 
in combination teach or suggest object-level access control between managers and 
managed objects to receive the one or more events from or to send the one or more 
requests to the managed objects, where the object-level access control is provided at an 
individual object level, as recited in Applicants' claim 1. Instead, as shown above, 
Barker, Barry and Buckle all teach access control that is specifically not provided at an 
individual object level. The access control of Barker is at the client level and Barry's is 
at the user level. As noted above, Buckle fails to teach any sort of access control 
whatsoever. Furthermore, Barry is completely silent in regard to any type of access 
control for receiving events from or sending requests to managed objects, as managed 
objects are understood in the art. 
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The Examiner's combination of Barker, Barry and Buckle does not in any way 
teach or suggest a gateway that is configurable to provide object-level access control 
between the one or more managers and the managed objects to receive the one or more 
events from or to send the one or more requests to the managed objects, where the object- 
level access control is provided at an individual object level so that one or of the one or 
more managers is granted access to one of the managed objects while being prevented 
from interfacing with a different one of the managed objects, as recited in claim 1. 
Instead, even if the combination of references was proper, the Examiner's proposed 
combination of Barker, Barry and Buckle would at most result only in the CORBA-based 
remote management system of Barker, that utilized the graphical user interface as taught 
by Barry and that also includes agent discovery and communication as taught by Buckle. 
Thus, the Examiner's proposed combination of Barker, Barry and Buckle clearly does not 
teach all the limitations of Applicants' claim 1. As the Examiner is surely away, to 
establish a prima facie obviousness of a claimed invention, all claim limitations must be 
taught or suggested by the prior art. In re Royka, 490 F.2d 981, 180 U.S.P.Q. 580 
(C.C.P.A. 1974), MPEP 2143.03. Obviousness cannot be established by combining or 
modifying the teachings of the prior art to produce the claimed invention, absent some 
teaching or suggestion or incentive to do so. In re Bond, 910 F. 2d 81, 834, 15 USPQ2d 
1566, 1568 (Fed. Cir. 1990). Since, as shown above, the Examiner's combination of 
Barker, Barry and Buckle fails to teach all the limitations of Applicants' claim 1, the 
Examiner has failed to provide a prima facie rejection. 

Moreover, there is no motivation found in the evidence of record to combine the 
teachings of the cited art in a way that would result in Applicants' claimed invention. 
The rejection of claim 1 is clearly a case of the Examiner simply attempting to identify 
features of Applicants' claimed invention in disparate references. The Examiner is 
clearly attempting a piecemeal reconstruction of Applicants' invention in hindsight 
without considering the claimed invention as a whole. Such reconstruction is improper. 
See, e.g., Interconnect Planning Corp. v. Feil, 774 F.2d 1132, 1143, 227 USPQ 543, 551 
(Fed. Cir. 1985) (it is insufficient to select from the prior art the separate components of 
the inventors combination, using the blueprint supplied by the inventor); Uniroyal, Inc. 
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v. Rudkin-Wiley Corp,, 837 F.2d 1044, 1051-52, 5 USPQ 2d 1434, 1438 (Fed. Cir. 1988) 
(it is impermissible to reconstruct the claimed invention from selected pieces of prior art 
absent some suggestion, teaching, or motivation in the prior art to do so). The Examiner 
cannot use the claimed invention as an instruction manual or "template" to piece together 
the teachings of the prior art so that the claimed invention is rendered obvious. In re 
Fritch, 23 USPQ 2d 1780, 1784 (Fed. Cir. 1992). "One cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the prior art to deprecate 
the claimed invention." In re Fine, 837 F.2d 1071, 1075, 5 USPQ 2d 1596, 1600 (Fed. 
Cir. 1988). 

The Examiner merely states that it would have been obvious to combine the 
teachings of Barker and Barry "because the concept of accessing individual object level 
would enhance supporting event / request by the object." This statement by the Examiner 
is found nowhere in any evidence of record and thus can only have come in hindsight 
from Applicants' own teachings. An obviousness claim that lacks factual evidence of a 
suggestion or motivation for one of skill in the art to combine prior art references to 
produce the claimed invention is defective as hindsight analysis. In addition, the showing 
of a suggestion, teaching, or motivation to combine prior teachings "must be clear and 
particular. Broad conclusory statements regarding the teaching of multiple references, 
standing alone, are not 'evidence'." In re Dembiczak, 175 F.3d 994, 50 USPQ2d 1614 
(Fed. Cir. 1999). The art must fairly teach or suggest to one to make the specific 
combination as claimed . That one achieves an improved result by making such a 
combination is no more than hindsight without an initial suggestion to make the 
combination . Such an initial suggestion must be supported by evidence of record. The 
Examiner's stated motivation is merely a desired result from the combination in an 
attempt to reconstruct Applicants' claimed invention, not a suggestion or motivation to 
combine Barker and Barry. 

The Examiner has also failed to state a proper motivation to combine the 
teachings of Buckle with those of Barker and Barry. The Examiner states that it would 
have been obvious to combine the teachings of Barker and Barry with those of Buckle 
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"because the concept of accessing a single object would enhance supporting 
event/request for the particular object." The Examiner also states that "prevention of 
accessing the other object when accessing the object would enhance supporting 
event/request specific to the object and not in common with the other object". These 
statement by the Examiner are found nowhere in any evidence of record and thus can 
only have come in hindsight from Applicants' own teachings. None of the cited art 
suggests "prevention of accessing the other object when accessing the object would 
enhance supporting event/request specific to the object and not in common with the other 
object". The Examiner has again merely stated a desired result from the combination in 
an attempt to reconstruct Applicants' claimed invention, not a suggestion or motivation to 
combine the teachings of Buckle with those of Barker and Barry. 

Whether a motivation to combine prior art references has been demonstrated is a 
question of fact. Winner Int'l Royalty Corp. v. Wang, 202 F.3d 1340, 1348, 53 USPQ2d 
1580, 1586 (Fed. Cir. 2000). The statute clearly places the burden of proof to satisfy the 
question of fact on the Examiner which requires him to produce the factual basis for his 
rejection. In re Warner, 154 USPQ 173, 177 (C.C.P.A. 1967), cert denied, 389 U.S. 
1057 (1968). The Examiner has completely failed to meet his burden of proof since 
the Examiner has not provided any factual evidence showing a suggestion of 
desirability to combine Barker, Barry and Buckle. "The factual inquiry whether to 
combine references must be thorough and searching." McGinley v. Franklin Sports, Inc., 
60USPQ2d 1001, 1008 (Fed. Cir. 2001). It must be based on objective evidence of 
record. "This precedent has been reinforced in myriad decisions, and cannot be 
dispensed with." In re Lee, 61 USPQ2d 1430, 1433 (Fed. Cir. 2002). "A showing of a 
suggestion, teaching, or motivation to combine the prior art references is an essential 
component of an obviousness holding." Brown & Williamson Tobacco Corp. v. Philip 
Morris Inc., 56 USPQ2d 1456, 1459 (Fed. Cir. 2000). The Federal Circuit has stated: 
"Our case law makes clear that the best defense against the subtle but powerful attraction 
of a hindsight-based obviousness analysis is rigorous application of the requirement for a 
showing of the teaching or motivation to combine prior art references." The need for 
specificity pervades this authority. See, e.g., In re Kotzab, 217 F.3d 1365, 1371, 55 
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USPQ2d 1313, 1317 (Fed. Cir. 2000) ("particular findings must be made as to the reason 
the skilled artisan, with no knowledge of the claimed invention, would have selected 
these components for combination in the manner claimed"); In re Rouffet, 149 F.3d 1350, 
1359, 47 USPQ2d 1453, 1459 (Fed. Cir. 1998) ("the [Examiner] must identify 
specifically the principle, known to one of ordinary skill, that suggests the claimed 
combination. In other words, the [Examiner] must explain the reasons one of ordinary 
skill in the art would have been motivated to select the references and to combine them to 
render the claimed invention obvious."); In re Fritch, 972 F.2d 1260, 1265, 23 USPQ2d 
1780, 1783 (Fed. Cir. 1992) (the examiner can satisfy the burden of showing obviousness 
of the combination "only by showing some objective teaching in the prior art or that 
knowledge generally available to one of ordinary skill in the art would lead that 
individual to combine the relevant teachings of the references"). 

Furthermore, Barker teaches away from object-level access control. Barker 
teaches that a client can specify a range of managed object instance identifiers, or even 
request all instances in a managed object call through the managed object instance 
identifier parameter (Barker, column 25, lines 27-28). Hence, Barker teaches that once a 
client has been properly authenticated at the start of a session, that client may then 
register for attribute update notification for a number of managed objects through a single 
call. Such functionality is clearly not compatible with object-level access control, and 
thus Barker clearly teaches away from object-level access control, wherein the object- 
level access control is provided at the individual object level so that one of the managers 
is granted access to one of the managed objects while being prevented from interfacing 
with a different one of the managed objects. Thus, Barker actually teaches away from the 
Examiner's proposed combination of Barker, Barry and Buckle. References that teach 
away cannot serve to create a prima facie case of obviousness. In re Gurley, 27 F.3d 551, 
553, 31 USPQ2d 1131, 1132 (Fed. Cir. 1994). Moreover, since Barker teaches away 
from object-level access control, modifying Barker to use object-level access control 
would necessarily change the principle of operation of Barker's system. As the Examiner 
is surely away, if the proposed modification or combination of the prior art would change 
the principle of operation of the prior art invention being modified, then the teachings of 
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the references are not sufficient to render the claims prima facie obvious; M.P.E.P. § 
2143.01; and In re Ratti, 270 F.2d 810, 123 USPQ 349 (CCPA 1959). 

Thus, for at least the reasons above, the rejection of claim 1 is not supported by 
the prior art and removal thereof is respectfully requested. Similar remarks as those 
above regarding claim 1 also apply to claims 58. 

Regarding claim 20, the combination of Barker, Barry and Buckle does not teach 
or suggest determining on a managed object level whether or not the manager application 
is allowed to receive an event generated by one of a plurality of managed objects or to 
send a request to the one of the plurality of managed objects as a function of the identity 
of the user of the manager application. The Examiner cites column 7, lines 47-63 and 
column 8, line 53 - column 9, line 19 of Barker. However, the cited passages do not 
mention anything about determining on a managed object level whether or not a manager 
application is allowed to receive an event generated by a managed object or send a 
request to a managed object as a function of the identity of the user of the manager 
application. Instead, these passages of Barker only refer to his use of EMAPI, CORBA, 
Java, C++, and SNMP, but fail to mention anything regarding any sort of access control 
for any portion of Barker's system. The Examiner has not cited any particular portion in 
Barker that describes the features the Examiner is attributing to Barker's system. In fact, 
the Examiner is incorrectly assuming that Barker's use of CORBA and the HOP protocol 
includes object level access control such that one of the managers is granted access to one 
of the managed objects while being prevented from interfacing with a different one of the 
managed objects. 

Barker further teaches the use of a single service object "to provide services for a 
class of managed objects" (underlining added) (Barker, column 14, lines 42-43) and that 
the EM server "will implement one application-specific service object for each type of 
physical or logical resource to be managed" (underlining added) (Barker, column 39, 
lines 60-62). Applicants assert that access control on a command/client basis while using 
a single service object for each class of managed object actually teaches away from 
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determining on a managed object level whether or not the manager application is allowed 
to send a request to the managed object. As note above 

Furthermore, Barker fails to disclose that access for the manager application to 
receive the event or send the request is approved or denied for said one of the plurality of 
managed objects at the individual object level so that the manager application is granted 
access to one of the plurality of managed objects while being prevented from interfacing 
with a different one of the plurality of managed objects. Instead, Barker discloses a 
method "of client based access control of network elements" (emphasis added, Barker, 
column 30, lines 45-46) that "provides a means to restrict access on a command/client 
basis" (emphasis added, Barker, column 31, lines 10-12). Barker does not describe his 
access control features as restricting access at the object level. Please refer to Applicants 
arguments above regarding claim 1 for a more detailed discussion regarding Barker's 
failure to teach object level access control. 

Barry and Buckle are not relied upon by the Examiner to teach this limitation, nor 
do they overcome the above-noted deficiencies of Barker regarding determining on a 
managed object level whether or not the manager application is allowed to receive an 
event generated by one of a plurality of managed objects or to send a request to the one of 
the plurality of managed objects as a function of the identity of the user of the manager 
application. Or about where access for the manager application to receive the event or 
send the request is approved or denied for said one of the plurality of managed objects at 
the individual object level so that the manager application is granted access to one of the 
plurality of managed objects while being prevented from interfacing with a different one 
of the plurality of managed objects. Thus, the Examiner's combination of Barker, Barry 
and Buckle does not teach or suggest the limitations of Applicants' claim 20. 

For at least the reasons given above, the rejection of claim 20 is not supported by 
the prior art and its removal is respectfully requested. Similar remarks as discussed 
above in regard to claim 20 apply to claims 39, 59, and 60. 



09/556,068 (5181-48400/P4500) 



43 



Meyertons, Hood, ICivlin, FCowert & Goetzel, P.C. 



The also Examiner rejected claims 8, 27 and 46 under 35 U.S.C. § 103(a) as being 
unpatentable over Barker, Barry and Buckle in view of Official Notice, claims 1 1-15, 30- 
34 and 49-53 as being unpatentable over Barker, Barry, Buckle, Olden-RSA-Security in 
view of Official Notice. Applicants respectfully traverse the rejection of these claims for 
at least the reasons presented above, regarding their respective, independent claims. 

In regard to claims 8, 27 and 46, the Examiner takes official notice that "both the 
concept and advantages of providing [an] object corresponding to a telephone network is 
well known and expected in the art." Pursuant to M.P.E.P. § 2144.03, Applicant 
traverses the Examiner's taking of Official Notice in regard to the specific combination 
of features recited in claims 8, 27 and 46. Applicant asserts that it was not well known in 
the prior art for a gateway coupled to a plurality of managed objects and which is 
configured to deliver events generated by the managed objects to one or more managers 
or to deliver one or more requests generated by the one or more managers to one or more 
of the managed objects and wherein the gateway is configured to provide object-level 
access control between the one or more managers and the managed objects, wherein the 
managed objects comprise one or more objects corresponding to a telephone network. 
Pursuant to M.P.E.P. § 2144.03 Applicants repeat the assertion that "the examiner must 
provide documentary evidence in the next Office action if the rejection is to be 
maintained. See also 37 CFR 1.104(c)(2), (d)(2) and In re Zurko, 258 F.3d 1379, 1386 
(Fed. Cir. 2001). Furthermore, Applicants note that the Examiner has failed to 
provide any documentary evidence in support of the Examiner's taking of Official 
Notice in response to Applicants assertion in the previous response, pursuant to 
M.P.E.P. § 2144.03, that he do so. 

Moreover, the Examiner's stated motivation to combine the teachings of his 
Official Notice with the other cited references is completely conclusory and not 
supported by any evidence of record. Thus, the rejection of claims 8, 27 and 46 is 
improper and removal thereof is respectfully requested. 
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In further regard to claims 11-15, 30-34 and 49-53, the Examiner takes official 
notice that "both the concept and advantages of providing access to a logging service, to 
log an ID of a user, to log an ID of the object is well known and expected in the art." 
Pursuant to M.P.E.P. § 2144.03, Applicant traverses the Examiner's taking of official 
notice in regard to the specific combination of features recited in these claims. 
Applicants assert that it was not well known in the prior art for a gateway that provides 
% object-level access control to provide access to a logging service, to log an ID of user or 
to log an ID of a managed object. In fact, as admitted by the Examiner, Barker, Barry 
and CORBA/TMN all fail to teach providing access to a logging service, to log an ID of 
user or to log an ID of a managed object. Pursuant to M.P.E.P. § 2144.03 Applicants 
repeat the previous assertion that "the examiner must provide documentary evidence in 
the next Office action if the rejection is to be maintained. See also 37 CFR 1.104(c)(2), 
(d)(2) and In re Zurko, 258 F.3d 1379, 1386 (Fed. Cir. 2001). Furthermore, the 
Examiner's stated motivation to combine the teachings of his Official Notice with the 
other cited references is completely conclusory and not supported by any evidence of 
record. Applicants note that the Examiner has failed to provide any document 
evident in the current office action even through Applicants asserted in the previous 
Response, pursuant to M.P.E.P. § 2144.03, "the examiner must provide 
documentary evidence in the next Office action if the rejection is to be maintained." 

The Examiner rejected claims 2-4, 10, 21-23, 29, 40-42 and 48 under 35 U.S.C. § 
103(a) as being unpatentable over Barker, Barry and CORBA/TMN in view of Olden 
(U.S. Patent 6,460,1 4 1)/RS A Security, Inc. (hereinafter "Olden-RSA-Security"), claims 
18, 37 and 56 as being unpatentable over Barker, Barry, CORBA/TMA in view of 
Hearne, et al. (U.S. Publication 2001/00521 13) (hereinafter "Hearne") in view of Solstice 
Enterprise Manager 4.1 Managing your Network (hereinafter "Solstice"), claims 19, 38 
and 57 as being unpatentable over Barker, Barry, CORBA/TMN in view of Hearne, 
claims 2-4, 10, 21-23, 29, 40-42 and 48 as being unpatentable over Barker, Barry and 
Buckle in view of Olden-RSA-Security, claims 18, 37 and 56 as being unpatentable over 
Barker, Barry and Buckle in view of Hearne and Solstice, claims 9, 38 and 57 as being 
unpatentable over Barker, Barry, Buckle in view of Hearne. Applicants respectfully 
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traverse the rejection of these claims for at least the reasons presented above regarding 
their respective, independent claims. 

Section 102(e) Rejection : 

The Examiner rejected claims 1-6, 8-11, 16, 17, 20-25, 27-30, 35, 36, 39-44, 46- 
49, 54, 55 and 58-60 as being anticipated by Vuong, et al. (U.S. Patent 6,430,578) 
(hereinafter "Vuong"). Applicants respectfully traverse this rejection for at least the 
reasons presented below. 

Regarding claim 1, contrary to the Examiner's assertion, Vuong fails to disclose a 
gateway which is coupled to a plurality of managed objects and which is configured to 
deliver one or more events generated by the managed objects to one or more managers or 
to deliver requests generated bv the managers to one or more of the managed objects. 
Vuong teaches a naming service that provides unique identifiers and addresses for 
processes on a computer network. Vuong' s name service includes a database of the 
identifiers and addresses and the name service responds to queries by searching the 
database and returning any results. (Vuong, Abstract; column 2, lines 7-15). 

The Examiner cites column 5, line 57 - column 6, line 23. However, the cited 
passage describes how Vuong' s name service accepts names from agents on the computer 
network and, after determining whether or not the name is unique, either adds the agent's 
name to the name service's database or sends a "refuse request" message to the agent. 
The cited passage does not mention any gateway coupled to a plurality of managed 
objects. Database entries are not managed objects, as managed objects are understood in 
the art. Presumably the Examiner interprets Vuong' s name service as a gateway. 
However, Vuong' s name service is not coupled to a plurality of managed objects. 
Instead, Vuong' s name service merely handles requests to add names to as well as 
queries to retrieve information from the name service's database. Even if one could 
interpret Vuong's name service database as a managed object, which Applicants maintain 
one cannot, the database is clearly not managed by the requesting agents. Merely 
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requesting that a name and/or address be inserted as an entry into the database does not 
constitute managing the database. Clearly Vuong's name service manages the database. 
In fact, Vuong very clearly states, "Name Service 112 maintains a database holding 
identification and addressing information" and "the database controlled by the Name 
service is an object-oriented database" (emphasis added, Vuong, column 3, lines 57-63). 
Thus, Vuong teaches that his name service controls and maintains the database. 

Additionally, agents registering their names with Vuong's name service are not 
managers and do not generate requests to managed objects. Instead, Vuong's agents 
merely request that their name (and address) be included in the name service's database. 
Vuong does not teach that an agent registering its name with the name service is a 
manager generating requests to a managed object. Instead, as noted above, Vuong's 
name service maintains and controls the database. 

Vuong also fails to disclose a gateway configurable to provide object-level access 
control between the managers and the managed objects. The Examiner cites column 2, 
lines 26-52 and column 6, lines 42-59 of Vuong. The first cited passage provides an 
introduction to Vuong's name service for "managing names and identities of processes 
running on a computer network" (Vuong, column 2, lines 26-28). This passage further 
describes how Vuong's name service includes a receiver that accepts a name from a 
process on the computer network and a comparator configured to determine whether the 
process is a component of the computer management infrastructure for the computer 
network. The second cited passage (Vuong, column 6, lines 42-59) describes the ability 
of Vuong's name service to respond to "relatively sophisticated queries." For example, 
Vuong's query syntax supports prefixes, suffixes, infixes, and full or partial names using 
wildcards. This passage further describes how registered entities may receive updates or 
changes made to the name service's database. However, nowhere in either cited passage, 
nor in fact in the entire Vuong reference, is there any mention of a gateway configured to 
provide object-level access control between managers and managed objects. 
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Instead, Vuong provides a name service that collects, maintains, and disseminates 
unique identifiers and addresses for processes on a computer network. Providing 
identifiers and addresses for processes on a computer network is clearly not the same as 
providing object-level access control between managers and managed objects. Vuong 
does not mention any sort of access control in his name service. The Examiner seems to 
be implying that any form of object-level access necessarily includes object-level access 
control at the individual object level. However, object-level access can be provided with 
or without imposing object-level access control Vuong does not disclose or complete 
any form of access control. 

Furthermore, Vuong fails to disclose wherein the object-level access control is 
provided at the individual object level so that one of the managers is granted access to 
one of the managed objects while being prevented from interfacing with a different one 
of the managed objects. The Examiner again cites column 2, lines 26-52 and column 6, 
lines 42-59 of Vuong. However, neither of these passages mentions anything regarding a 
agent, which the Examiner is presumably interpreting as a manager, being granted access 
to one database entry, which the Examiner is presumably interpreting as a managed 
object, while being prevented from interfacing with a different one of the database 
entries. Instead, the cited passages describe how Vuong's name service responds to 
queries. Vuong doesn't mention anything regarding preventing access to his database on 
an entry-level basis. 

Thus, for at least the reasons above, the rejection of claim 1 is not supported by 
the prior art and removal thereof is respectfully requested. Similar remarks as those 
above regarding claim 1 also apply to claims 58. 

Regarding claim 20, Vuong fails to disclose determining on a managed object 
level whether or not the manager application is allowed to receive an event generated by 
one of a plurality of managed objects or to send a request to the one of the plurality of 
managed objects as a function of the identity of the user of the manager application . The 
Examiner cites column 7, lines 9-32. However, the cited reference has absolutely no 
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relevance to determining, as a function of the identity of a user of the manager 
application whether or not the manager application is allowed to receive an event 
generated by or to send a request to one of a plurality of managed object. Instead, the 
cited reference merely describes how an agent, or other entity on the computer network, 
can de-register with Vuong's name service and thereby remove its name from the name 
service's database. The cited reference makes not mention to determining whether or the 
requesting agent can access a managed object. Even if one interprets the entries of 
Vuong's database as managed object, which Applicants maintain one cannot, the cited 
passage still does not disclose anything regarding determining whether or not the de- 
registering agent can access the database entry. Instead, Vuong teaches only that the 
name service checks the agent's name against the database and if it is found, the entry is 
removed. 

Vuong also fails to disclose whereby access for the manager application to receive 
the event or send the request is approved or denied for said one of the plurality of 
managed objects at the individual object level so that the manager application is granted 
access to one of the plurality of managed objects while being prevented from interfacing 
with a different one of the plurality of managed objects, contrary to the Examiner 
contention. The Examiner cites column 8, lines 21-42 of Vuong. Applicants can see no 
relevance of the cited passage. The cited passage discusses the "various devices and 
entities" that reside on and communicate over a computer network. Vuong mentions 
devices and entities such as client computers, data storage devices, modems, printers, 
hubs, routers, packet switches, hosts, and bridges. The cited passage is, however, 
completely silent regarding approving or denying access for a manager application at an 
individual object level so that the manager application is granted access to one while 
being prevented from interfacing with a different one of a plurality of managed objects. 
The Examiner seems to be arguing that merely listing various devices that may reside and 
communicate on a computer network implies providing such access control at an 
individual object level. The Examiner is clearly inserting his own assumptions into 
Vuong's system through hindsight speculation. 
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For at least the reasons given above, the rejection of claim 20 is not supported by 
the prior art and its removal is respectfully requested. Similar remarks as discussed 
above in regard to claim 20 apply to claims 39, 59, and 60. 

The Examiner also rejected claims 1-6, 8-11, 16, 17, 20-25, 27-30, 35, 36, 39-44, 
46-49, 54, 55 and 58-60 as being anticipated Spencer (U.S. Patent 6,253,243). Applicants 
respectfully traverse this rejection for at least the reasons presented below. 

Regarding claim 1, Spencer fails to disclose a gateway configurable to provide 
object-level access control between the managers and the managed objects to receive the 
events from or to send the requests to the managed objects, contrary to the Examiner's 
assertion. The Examiner cites a passage (column 5, lines 46-65) where Spencer describes 
how a user-developed management application 300 communicates with MIS server 306 
via a portable management interface (PMI) 302. Spencer describes how PMI 302 is an 
object-oriented interface that provides access to management information. The cited 
passage does not teach anything about a gateway providing object-level access control 
between managers and managed objects. The Examiner has not provided any argument 
or explanation regarding his interpretation of the cited passage. 

Spencer further fails to disclose wherein the object-level access control is 
provided at the individual object level so that one of the managers is granted access to 
one of the managed objects while being prevented from interfacing with a different one 
of the managed objects, contrary to the Examiner's contention. The Examiner cites 
column 7, lines 35-57 of Spencer. However, the cited passage teaches how Spencer's 
SNMP trap system extracts the IP address from an <agent_addr> field of the SNMP trap 
Protocol Data Unit (PDU). The PDU is the format for SNMP trap data in Spencer's 
system. After extracting the IP address, Spencer's system determines if there is an object 
configured to represent that agent system. If such an object is found, the trap's 
originating system's cmipsnmpProxyAgent instance is set as the source object instance 
for the trap alarm. Thus, the Examiner's cited passages not only fail to mention anything 
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about object-level access control, it has no relevance to access control. Spencer does not 
teach anything about providing object-level access control at the individual object level 
so that a manager is granted access to one managed object while being prevented from 
interfacing with a different one of the managed objects. 

Thus, for at least the reasons above, the rejection of claim 1 is not supported by 
the prior art and removal thereof is respectfully requested. Similar remarks as those 
above regarding claim 1 also apply to claims 58. 

Regarding claim 20, contrary to the Examiner's assertion, Spencer fails to 
disclose sending an identity of a user of a manager application to a gateway. The 
Examiner cites column 7, lines 35-67 of Spencer. However the cited passage makes no 
mention of sending an identity of a user of a manager application to a gateway. Instead, 
the cited passage describes how Spencer's system uses an IP address to locate a proxy 
agent object to represent a SNMP trap's agent system. Nowhere does Spencer mention 
sending an identity of a user of a manager application to a gateway. 

Additionally, Spencer fails to disclose determining on a managed object level 
whether or not the manager application is allowed to receive an event generated by one of 
a plurality of managed objects or to send a request to the one of the plurality of managed 
objects as a function of the identity of the user of the manager application, contrary to the 
Examiner's contention. The Examiner cites column 5, line 53 to column 6, line 13. 
However, the cited passage does not teach or even mention determining on a managed 
object level whether or note the manager application is allowed to receive an event 
generated by or to send a request to one of the plurality of managed objects as a function 
of the identity of the user of the manager application. Instead, the cited passage describes 
how a managed application 300 communicates with an MIS server according to the 
portable management interface and how the portable management interface is able to 
access managed object instance state information, class schema, and event services. 
Spencer does not discuss or mention anything about an identity for a user of a manager 
application. Nor does Spencer mention determining whether or not the manager 
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application can send requests or send events to managed objects as a function of the 
identity of the user of the manager application. 



Spencer also fails to disclose whereby access for the manager application to 
receive the event or send the request is approved or denied for said one of the plurality of 
managed objects at the individual object level so that the manager application is granted 
access to one of the plurality of managed objects while being prevented from interfacing 
with a different one of the plurality of managed objects, contrary to the Examiner 
assertion. The Examiner again cites column 7, lines 35-67 of Spencer. However, as 
noted above, this passage does not mention any sort of object-level access control. 
Nowhere does Spencer mention anything regarding approving or denying the manager 
application access to receive an event or send a request at the individual object level. The 
cited passage fails to mention any sort of access control whatsoever. The Examiner has 
clearly misunderstood or misinterpreted the teachings of Spencer. 

For at least the reasons given above, the rejection of claim 20 is not supported by 
the prior art and its removal is respectfully requested. Similar remarks as discussed 
above in regard to claim 20 apply to claims 39, 59, and 60. 

Regarding both the 102 and 103 rejections, Applicants also assert that numerous 
ones of the dependent claims recite further distinctions over the cited art. However, since 
the rejections have been shown to be unsupported for the independent claims, a further 
discussion of the dependent claims is not necessary at this time. 
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CONCLUSION 



Applicants submit the application is in condition for allowance, and prompt notice 
to that effect is respectfully requested. 

If any extension of time (under 37 C.F.R. § 1.136) is necessary to prevent the 
above-referenced application from becoming abandoned, Applicants hereby petition for 
such an extension. If any fees are due, the Commissioner is authorized to charge said 
fees to Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. Deposit Account No. 
501505/51 8 1-48400/RCK. 

Also enclosed herewith are the following items: 
Return Receipt Postcard 

□ Petition for Extension of Time 

□ Notice of Change of Address 

□ Other: 



Meyertons, Hood, Kivlin, Kowert, & Goetzel, P.C. 

P.O. Box 398 

Austin, TX 78767-0398 

Phone: (512) 853-8850 

Date: July 10, 2006 



Respectfully submitted, 




Robert C. Kowert 
Reg. No. 39,255 

ATTORNEY FOR APPLIC ANT(S) 
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